Regulator launches consultation on GDPR changes to fundraising code

The exercise, run by the Fundraising Regulator, will run until 8 December

The CAN Mezzanine building in London that houses the Fundraising Regulator
The CAN Mezzanine building in London that houses the Fundraising Regulator

The Fundraising Regulator has launched a consultation on the changes it plans to make to the Code of Fundraising Practice to include the requirements of the General Data Protection Regulation.

The regulator is asking for views from charities, fundraisers and members of the public on an updated version of the code covering GDPR, stringent data protection laws due to come into force from March.

The consultation will run until 8 December and the new version of the code will be released in the spring, the regulator said in a statement today.

The regulator said the updated code would also address the issues raised by the fines levied by the Information Commissioner’s Office against 13 charities over data protection breaches in the past two years.

The new version of the code will ensure the regulator’s guidance and terminology is consistent with that used in the GDPR legislation and will signpost users to other guidance from the regulator and the ICO, the statement said.

The updated version of the code includes three new sections to explain areas where there have been calls for greater clarity and guidance on what the new rules mean.

One of the new sections explains what counts as processing someone’s personal data and when data protection rules apply. This section says data matching and wealth screening, two of the activities that led the ICO to issue fines to charities that had carried them out without donors' knowledge, count as processing someone's data. 

Another section focuses on consent, which will use the ICO’s draft GDPR guidance to explain how charities can obtain consent to process people’s data.

The final new section offers advice on legitimate interest, which allows organisations to process people’s data without obtaining consent.

The ICO has not yet published guidance on legitimate interest, so the information in the code will be drawn from the GDPR legislation itself and the recommendations of a working group on donor communications set up by the National Council for Voluntary Organisations.

The new code also warns charities must keep up to date with the latest guidance from the ICO.  

Suzanne McCarthy, chair of the Fundraising Regulator’s standards committee, said: "Protecting personal data is a fundamental part of meeting the key principles of legal, open, honest and respectful fundraising within the code.

"We welcome views on whether the changes proposed are clear in communicating fundraisers’ legal and ethical responsibilities on data."

The consultation document is available here

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in
RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners